是否可以限制javascript函数的范围？ [英] Is it possible to restrict the scope of a javascript function?

问题描述

假设我在全局范围内有变量。

Suppose I have a variables in the global scope.

假设我希望定义一个我可以保证无法访问的函数对于这个变量，有没有办法包装函数，或调用函数，这将确保这个？

Suppose I wish to define a function which I can guarantee will not have access to this variable, is there a way to wrap the function, or call the function, that will ensure this?

事实上，我需要任何规定的函数来定义良好访问变量，以及在该函数定义之前定义的访问权限。

In fact, I need any prescribed function to have well defined access to variables, and that access to be defined prior to, and separate from that function definition.

动机：
我正在考虑用户提交的可能性功能。我应该能够相信这个功能有多种安全，因此很乐意在我自己的网站上发布它们。

Motivation: I'm considering the possibility of user submitted functions. I should be able to trust that the function is some variety of "safe" and therefore be happy publishing them on my own site.

推荐答案

在另一个Origin上托管的 iframe 中运行代码。这是保证的唯一方法，即不受信任的代码被沙箱化并阻止访问全局变量或页面的DOM。

Run the code in an iframe hosted on a different Origin. This is the only way to guarantee that untrusted code is sandboxed and prevented from accessing globals or your page's DOM.

这篇关于是否可以限制javascript函数的范围？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！